/**
 * OWASP GoatDroid Project
 * 
 * This file is part of the Open Web Application Security Project (OWASP)
 * GoatDroid project. For details, please see
 * https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project
 *
 * Copyright (c) 2011 - The OWASP Foundation
 * 
 * GoatDroid is published by OWASP under the GPLv3 license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 * 
 * @author Jack Mannino, nVisium Security (https://www.nvisiumsecurity.com)
 * @created 2011
 */
package org.owasp.goatdroid.fourgoats.webservice.rewards;

import java.sql.SQLException;
import java.util.ArrayList;
import org.owasp.goatdroid.fourgoats.webservice.Constants;
import org.owasp.goatdroid.fourgoats.webservice.Salts;
import org.owasp.goatdroid.fourgoats.webservice.login.LoginImpl;
import org.owasp.goatdroid.fourgoats.webservice.login.LoginUtils;
import org.owasp.goatdroid.fourgoats.webservice.validators.Validators;

public class RewardsImpl {

	static public RewardsBean getAllRewards(String sessionToken) {

		RewardsBean bean = new RewardsBean();
		ArrayList<String> errors = new ArrayList<String>();
		if (LoginImpl.isSessionValid(sessionToken)
				&& Validators.validateSessionTokenFormat(sessionToken)) {
			try {
				RewardsDAO dao = new RewardsDAO();
				bean.setRewards(dao.getAllRewards());
				dao.closeConnection();
				bean.setSuccess(true);
				return bean;
			} catch (InstantiationException e) {
				errors.add(Constants.UNEXPECTED_ERROR);
			} catch (IllegalAccessException e) {
				errors.add(Constants.UNEXPECTED_ERROR);
			} catch (ClassNotFoundException e) {
				errors.add(Constants.UNEXPECTED_ERROR);
			} catch (SQLException e) {
				errors.add(Constants.UNEXPECTED_ERROR);
			}
		} else
			errors.add(Constants.INVALID_SESSION);
		bean.setSuccess(false);
		bean.setErrors(errors);
		return bean;
	}

	static public RewardsBean getMyEarnedRewards(String sessionToken) {

		RewardsBean bean = new RewardsBean();
		ArrayList<String> errors = new ArrayList<String>();
		if (LoginImpl.isSessionValid(sessionToken)
				&& Validators.validateSessionTokenFormat(sessionToken)) {
			try {
				RewardsDAO dao = new RewardsDAO();
				String userID = dao.getUserID(sessionToken);
				bean.setRewards(dao.getEarnedRewards(userID));
				dao.closeConnection();
				bean.setSuccess(true);
				return bean;
			} catch (InstantiationException e) {
				errors.add(Constants.UNEXPECTED_ERROR);
			} catch (IllegalAccessException e) {
				errors.add(Constants.UNEXPECTED_ERROR);
			} catch (ClassNotFoundException e) {
				errors.add(Constants.UNEXPECTED_ERROR);
			} catch (SQLException e) {
				errors.add(Constants.UNEXPECTED_ERROR);
			}
		} else
			errors.add(Constants.INVALID_SESSION);
		bean.setErrors(errors);
		bean.setSuccess(false);
		return bean;
	}

	/*
	 * This feature is only available to administrative users
	 */
	static public RewardsBean addNewReward(String sessionToken,
			String rewardName, String rewardDescription, String venueID,
			int checkinsRequired) {

		RewardsBean bean = new RewardsBean();
		ArrayList<String> errors = new ArrayList<String>();
		if (LoginImpl.isSessionValid(sessionToken)
				&& Validators.validateSessionTokenFormat(sessionToken)) {
			if (Validators.validateItemNameLength(rewardName)
					&& Validators
							.validateDescriptionOrCommentLength(rewardDescription)
					&& Validators.validateIDFormat(venueID)) {
				try {
					RewardsDAO dao = new RewardsDAO();
					String userID = dao.getUserID(sessionToken);
					// check for admin rights
					if (dao.isAdmin(userID)) {
						if (dao.doesVenueExist(venueID)) {
							String rewardID = LoginUtils
									.generateSaltedSHA256Hash(venueID
											+ rewardName + sessionToken
											+ LoginUtils.getTimeMilliseconds(),
											Salts.REWARD_ID_GENERATOR_SALT);
							dao.addNewReward(rewardID, rewardName,
									rewardDescription, venueID,
									checkinsRequired);
							dao.closeConnection();
							bean.setRewardID(rewardID);
							bean.setSuccess(true);
							return bean;
						} else {
							errors.add(Constants.VENUE_DOESNT_EXIST);
							dao.closeConnection();
						}
					} else {
						errors.add(Constants.NOT_AUTHORIZED);
						dao.closeConnection();
					}
				} catch (InstantiationException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (IllegalAccessException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (ClassNotFoundException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (SQLException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				}
			} else
				errors.add(Constants.UNEXPECTED_ERROR);
		} else
			errors.add(Constants.INVALID_SESSION);
		bean.setErrors(errors);
		bean.setSuccess(false);
		return bean;
	}
}
